CyberArk CEO: Being compliant is not the same as being secure

Udi Mokady tells customers and partners at Impact event in Barcelona that he worries about customers 'that settle for being compliant'

Being compliant is not good enough to fully protect organisations' systems, according to Udi Mokady, speaking at the vendor's Impact 2016 event in Barcelona today.

In his keynote speech, Mokady said he worries about how secure companies are when they strive only to comply with security standards set by regulatory organisations.

"My role as CEO of a cybersecurity company is to worry. It is to worry and think with the rest of the CyberArk team about how we protect our customers and give them measurable security," he said.

"We don't just have to worry about the next big attack, we also have to worry about our customers that settle for being compliant. Compliance is not secure."

Mokady referenced an unnamed customer to explain his point: the customer was fully compliant with regulations but was still hacked, and its data stolen.

This event is CyberArk's eighth annual customer gathering, which over the past few years has morphed into a partner event as well.

The NASDAQ-listed company - which earlier this year was rumoured to have been in potential takeover talks with Check Point - hit $161m (£122m) revenue in 2015, a 56 per cent growth year on year.

Mokady claimed that CyberArk has "grown into a resilient company".

He said this was down to customers understanding the importance of privileged account security in protecting organisations from attacks.

"People here on the ground understand the notion that security comes from the inside. Our vision is to think that the attacker is already on the inside, and provide security to combat that," he explained.